Now that I've finally had time to sit down and look it this, yes, you are right. Must have been one of the things you mentioned below. I will update our documentation and script usage. Thanks for your help!
William > -----Original Message----- > From: [email protected] [mailto:sunray-users- > [email protected]] On Behalf Of Bob Doolittle > Sent: Friday, December 05, 2008 5:51 PM > To: SunRay-Users mailing list > Subject: Re: [SunRay-Users] AMGH - unable to get started with "Getting > Started" > > William Yang wrote: > > I split the scripts for the reason I mentioned on the documentation > wiki...at least when I was initially playing with it I found that any > changes to the script registered with AMGH required a utrestart to work, > as if AMGH were reading in the script at software startup time instead of > on-demand. > > > > Not true. I suspect subtle artifacts were misconstrued (easy to do). > All utamghadm does is to store the location of the script and activate > the mechanism. The script is run - in place, every time the PAM stack > is invoked. > > One common issue when people are initially experimenting with AMGH is this: > AMGH works in PAM. That means a new greeter session has to be created > for AMGH to take effect. > When you remove a token from a greeter session (i.e. disconnect it) it > doesn't die for 15 minutes by default. > > Therefore if you're inserting and removing your card and actively > experimenting with AMGH parameters in your script or the DB it relies > upon, you might not see what you expect because when you re-insert your > token you get the existing greeter session, which has already run the > PAM stack and is waiting for user input so AMGH doesn't get another > swing with the changed parameters. > > People don't typically run into this in production because it's usually > more than 15 minutes after an AMGH parameter change before a token is > inserted. If this is really an issue for you you can change the > idle-session reap timeout by: > # cp /etc/opt/SUNWut/reaper.conf.template /etc/opt/SUNWut/reaper.conf > - edit reaper.conf to set REAPER_TIMEOUT to a smaller value. You might > try 0 if you are experimenting but this might cause race cases in > production so I recommend at least 30 seconds for busy systems. We > don't test with reduced values so there can be issues if you use too > small a value. > > Note that by reducing this value you may increase overhead of session > startup when a token is inserted. The reason for this hysteresis is > because people sometimes leave and then return within a short interval > and this prevents overhead of session teardown/startup. > > Of course the other alternative while experimenting is to use "utsession > -k" to actively kill the session after you change an AMGH parameter and > start fresh. > > -Bob > > Disclaimer: Opinions expressed in this mail are my own, > and are not necessarily shared by my employer > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
